Re: [PROPOSAL/PATCH] Remove PT_GNU_STACK support before 2.6.11

[Ingo Molnar]

* Ingo Molnar <mingo@xxxxxxx> wrote:

> > > [...] when the program has trampolines and has PT_GNU_STACK
> > > header with an E bit on the stack it still won't get an executable
> > > heap by default  (this is what broke grub)

> > So I rather see the patch below merged instead; it fixes the worst
> > problems (RWE not marking the heap executable) while keeping this
> > useful feature enabled.
> > 
> > Signed-off-by: Arjan van de Ven <arjan@xxxxxxxxxxxxx>
> 
> looks good.
> 
>  Signed-off-by: Ingo Molnar <mingo@xxxxxxx>
> 
> (I'd like to stress that this problem only affects packages
> _recompiled_ with new gcc, running on NX capable CPUs - legacy apps or
> CPUs are in no way affected. Also, even with a recompile,
> apps/kernels/distros have a number of other options as well even
> without this kernel fix, of varying granularity: to use the setarch
> utility, to set the READ_IMPLIES_EXEC personality bit within the code,
> or to pass in the noexec=off kernel commandline option, or to add a
> oneliner patch to their heap of 1500+ kernel patches, or to fix the
> application. Also, with Arjan's patch applied, the execstack utility
> can be used to remark the binary permanently, if needed.)

another, purely userspace solution is to add an execstack.c flag that
clears the PT_GNU_STACK ELF program header and changes it to e.g.
PT_NULL. That makes it a 'legacy' binary for the purposes of the kernel.

	Ingo
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/